Fix qemu:///session connect race failures (bz #1271183)

driver: log missing modules as INFO, not WARN (bz #1274849)

0001-qemu_hotplug-Allow-QoS-update-in-qemuDomainChangeNet.patch

@@ -1,66 +0,0 @@
-From d519f225d79a61451cfa62b463ea3083e9367353 Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 1 Oct 2013 15:04:48 +0200
-Subject: [PATCH] qemu_hotplug: Allow QoS update in qemuDomainChangeNet
-
-The qemuDomainChangeNet() is called when 'virsh update-device' is
-invoked on a NIC. Currently, we fail to update the QoS even though
-we have routines for that.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 9fa10d3901a14997f724fe50ad8a33d7f0d23abe)
----
- src/qemu/qemu_hotplug.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
-index f06930e..818c726 100644
---- a/src/qemu/qemu_hotplug.c
-+++ b/src/qemu/qemu_hotplug.c
-@@ -1799,6 +1799,7 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
-     bool needFilterChange = false;
-     bool needLinkStateChange = false;
-     bool needReplaceDevDef = false;
-+    bool needBandwidthSet = false;
-     int ret = -1;
- 
-     if (!devslot || !(olddev = *devslot)) {
-@@ -2062,8 +2063,6 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
-         virDomainNetGetActualDirectMode(olddev) != virDomainNetGetActualDirectMode(olddev) ||
-         !virNetDevVPortProfileEqual(virDomainNetGetActualVirtPortProfile(olddev),
-                                     virDomainNetGetActualVirtPortProfile(newdev)) ||
--        !virNetDevBandwidthEqual(virDomainNetGetActualBandwidth(olddev),
--                                 virDomainNetGetActualBandwidth(newdev)) ||
-         !virNetDevVlanEqual(virDomainNetGetActualVlan(olddev),
-                             virDomainNetGetActualVlan(newdev))) {
-         needReconnect = true;
-@@ -2072,6 +2071,10 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
-     if (olddev->linkstate != newdev->linkstate)
-         needLinkStateChange = true;
- 
-+    if (!virNetDevBandwidthEqual(virDomainNetGetActualBandwidth(olddev),
-+                                 virDomainNetGetActualBandwidth(newdev)))
-+        needBandwidthSet = true;
-+
-     /* FINALLY - actually perform the required actions */
- 
-     if (needReconnect) {
-@@ -2081,6 +2084,18 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
-         goto cleanup;
-     }
- 
-+    if (needBandwidthSet) {
-+        if (virNetDevBandwidthSet(newdev->ifname,
-+                                  virDomainNetGetActualBandwidth(newdev),
-+                                  false) < 0) {
-+            virReportError(VIR_ERR_INTERNAL_ERROR,
-+                           _("cannot set bandwidth limits on %s"),
-+                           newdev->ifname);
-+            goto cleanup;
-+        }
-+        needReplaceDevDef = true;
-+    }
-+
-     if (needBridgeChange) {
-         if (qemuDomainChangeNetBridge(dom->conn, vm, olddev, newdev) < 0)
-             goto cleanup;

0001-schema-interleave-domain-name-and-uuid-with-other-el.patch

@@ -0,0 +1,38 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Thu, 17 Dec 2015 13:43:58 +0100
+Subject: [PATCH] schema: interleave domain name and uuid with other elements
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Allow <name> and <uuid> anywhere under <domain>, not just at the top:
+
+error:XML document failed to validate against schema: Unable to validate
+doc against /usr/share/libvirt/schemas/domain.rng
+Expecting an element name, got nothing
+Invalid sequence in interleave
+Element domain failed to validate content
+
+Introduced with the first RelaxNG schema in commit c642103.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1292131
+(cherry picked from commit b4e0549febe416ffefc16f389423740d6d65fa74)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ docs/schemas/domaincommon.rng | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
+index b252a17..48610ce 100644
+--- a/docs/schemas/domaincommon.rng
++++ b/docs/schemas/domaincommon.rng
+@@ -30,8 +30,8 @@
+   <define name="domain">
+     <element name="domain">
+       <ref name="hvs"/>
+-      <ref name="ids"/>
+       <interleave>
++        <ref name="ids"/>
+         <optional>
+           <ref name="title"/>
+         </optional>

0002-leaseshelper-fix-crash-when-no-mac-is-specified.patch

@@ -0,0 +1,32 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Thu, 14 Jan 2016 14:31:17 +0100
+Subject: [PATCH] leaseshelper: fix crash when no mac is specified
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6
+lease) but no DNSMASQ_MAC, we skip creation of the new lease object.
+
+Also skip adding it to the leases array.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1202350
+(cherry picked from commit df9fe124d650bc438c531673492569da87523d20)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/network/leaseshelper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c
+index 2d528f7..6930310 100644
+--- a/src/network/leaseshelper.c
++++ b/src/network/leaseshelper.c
+@@ -439,7 +439,7 @@ main(int argc, char **argv)
+ 
+     case VIR_LEASE_ACTION_OLD:
+     case VIR_LEASE_ACTION_ADD:
+-        if (virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
++        if (lease_new && virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("failed to create json"));
+             goto cleanup;

0002-virNetDevBandwidthEqual-Make-it-more-robust.patch

@@ -1,57 +0,0 @@
-From 658f4b3c39c9bdd490a44175742f8259dd10b84f Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Wed, 2 Oct 2013 09:18:02 +0200
-Subject: [PATCH] virNetDevBandwidthEqual: Make it more robust
-
-So far the virNetDevBandwidthEqual() expected both ->in and ->out items
-to be allocated for both @a and @b compared. This is not necessary true
-for all our code. For instance, running 'update-device' twice over a NIC
-with the very same XML results in SIGSEGV-ing in this function.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit ee02fbc8e4a24c1347761ceff2ddb2c108e9611c)
----
- src/util/virnetdevbandwidth.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
-index 42b0a50..17f4fa3 100644
---- a/src/util/virnetdevbandwidth.c
-+++ b/src/util/virnetdevbandwidth.c
-@@ -335,16 +335,30 @@ virNetDevBandwidthEqual(virNetDevBandwidthPtr a,
-         return false;
- 
-     /* in */
--    if (a->in->average != b->in->average ||
--        a->in->peak != b->in->peak ||
--        a->in->burst != b->in->burst)
-+    if (a->in) {
-+        if (!b->in)
-+            return false;
-+
-+        if (a->in->average != b->in->average ||
-+            a->in->peak != b->in->peak ||
-+            a->in->burst != b->in->burst)
-+            return false;
-+    } else if (b->in) {
-         return false;
-+    }
- 
-     /*out*/
--    if (a->out->average != b->out->average ||
--        a->out->peak != b->out->peak ||
--        a->out->burst != b->out->burst)
-+    if (a->out) {
-+        if (!b->out)
-+            return false;
-+
-+        if (a->out->average != b->out->average ||
-+            a->out->peak != b->out->peak ||
-+            a->out->burst != b->out->burst)
-+            return false;
-+    } else if (b->out) {
-         return false;
-+    }
- 
-     return true;
- }

0003-Remove-virConnectPtr-arg-from-virNWFilterDefParse.patch

@@ -1,105 +0,0 @@
-From 56c170544f7a71749ef63fef650c71787c05e8af Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Thu, 3 Oct 2013 14:06:58 +0100
-Subject: [PATCH] Remove virConnectPtr arg from virNWFilterDefParse*
-
-None of the virNWFilterDefParse* methods require a virConnectPtr
-arg, so just drop it
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- src/conf/nwfilter_conf.c       | 15 ++++++---------
- src/conf/nwfilter_conf.h       |  6 ++----
- src/nwfilter/nwfilter_driver.c |  2 +-
- tests/nwfilterxml2xmltest.c    |  2 +-
- 4 files changed, 10 insertions(+), 15 deletions(-)
-
-diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
-index 3456b77..c009921 100644
---- a/src/conf/nwfilter_conf.c
-+++ b/src/conf/nwfilter_conf.c
-@@ -2634,8 +2634,7 @@ cleanup:
- 
- 
- static virNWFilterDefPtr
--virNWFilterDefParse(virConnectPtr conn ATTRIBUTE_UNUSED,
--                    const char *xmlStr,
-+virNWFilterDefParse(const char *xmlStr,
-                     const char *filename) {
-     virNWFilterDefPtr def = NULL;
-     xmlDocPtr xml;
-@@ -2650,18 +2649,16 @@ virNWFilterDefParse(virConnectPtr conn ATTRIBUTE_UNUSED,
- 
- 
- virNWFilterDefPtr
--virNWFilterDefParseString(virConnectPtr conn,
--                          const char *xmlStr)
-+virNWFilterDefParseString(const char *xmlStr)
- {
--    return virNWFilterDefParse(conn, xmlStr, NULL);
-+    return virNWFilterDefParse(xmlStr, NULL);
- }
- 
- 
- virNWFilterDefPtr
--virNWFilterDefParseFile(virConnectPtr conn,
--                        const char *filename)
-+virNWFilterDefParseFile(const char *filename)
- {
--    return virNWFilterDefParse(conn, NULL, filename);
-+    return virNWFilterDefParse(NULL, filename);
- }
- 
- 
-@@ -3056,7 +3053,7 @@ virNWFilterObjLoad(virConnectPtr conn,
-     virNWFilterDefPtr def;
-     virNWFilterObjPtr nwfilter;
- 
--    if (!(def = virNWFilterDefParseFile(conn, path))) {
-+    if (!(def = virNWFilterDefParseFile(path))) {
-         return NULL;
-     }
- 
-diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
-index 5d04cff..faa7527 100644
---- a/src/conf/nwfilter_conf.h
-+++ b/src/conf/nwfilter_conf.h
-@@ -713,10 +713,8 @@ int virNWFilterLoadAllConfigs(virConnectPtr conn,
- char *virNWFilterConfigFile(const char *dir,
-                             const char *name);
- 
--virNWFilterDefPtr virNWFilterDefParseString(virConnectPtr conn,
--                                            const char *xml);
--virNWFilterDefPtr virNWFilterDefParseFile(virConnectPtr conn,
--                                          const char *filename);
-+virNWFilterDefPtr virNWFilterDefParseString(const char *xml);
-+virNWFilterDefPtr virNWFilterDefParseFile(const char *filename);
- 
- void virNWFilterObjLock(virNWFilterObjPtr obj);
- void virNWFilterObjUnlock(virNWFilterObjPtr obj);
-diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
-index 1ed28a2..c2afdfc 100644
---- a/src/nwfilter/nwfilter_driver.c
-+++ b/src/nwfilter/nwfilter_driver.c
-@@ -566,7 +566,7 @@ nwfilterDefineXML(virConnectPtr conn,
-     nwfilterDriverLock(driver);
-     virNWFilterCallbackDriversLock();
- 
--    if (!(def = virNWFilterDefParseString(conn, xml)))
-+    if (!(def = virNWFilterDefParseString(xml)))
-         goto cleanup;
- 
-     if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
-diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
-index 84e61da..14191a6 100644
---- a/tests/nwfilterxml2xmltest.c
-+++ b/tests/nwfilterxml2xmltest.c
-@@ -36,7 +36,7 @@ testCompareXMLToXMLFiles(const char *inxml, const char *outxml,
- 
-     virResetLastError();
- 
--    if (!(dev = virNWFilterDefParseString(NULL, inXmlData))) {
-+    if (!(dev = virNWFilterDefParseString(inXmlData))) {
-         if (expect_error) {
-             virResetLastError();
-             goto done;

0003-build-predictably-generate-systemtap-tapsets-bz-1173.patch

@@ -0,0 +1,63 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 19 Jan 2016 22:19:56 -0500
+Subject: [PATCH] build: predictably generate systemtap tapsets (bz 1173641)
+
+The generated output is dependent on perl hashtable ordering, which
+gives different results for i686 and x86_64. Fix this by sorting
+the hash keys before iterating over them
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1173641
+(cherry picked from commit a1edb05c6028470aa24b74aa0f8d5fb5a181128a)
+---
+ src/rpc/gensystemtap.pl | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/rpc/gensystemtap.pl b/src/rpc/gensystemtap.pl
+index 2467300..7b80fbf 100755
+--- a/src/rpc/gensystemtap.pl
++++ b/src/rpc/gensystemtap.pl
+@@ -72,7 +72,7 @@ function libvirt_rpc_auth_name(type, verbose)
+ {
+ EOF
+ my $first = 1;
+-foreach my $type (keys %auth) {
++foreach my $type (sort(keys %auth)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (type == ", $type, ") {\n";
+@@ -95,7 +95,7 @@ function libvirt_rpc_type_name(type, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $type (keys %type) {
++foreach my $type (sort(keys %type)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (type == ", $type, ") {\n";
+@@ -118,7 +118,7 @@ function libvirt_rpc_status_name(status, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $status (keys %status) {
++foreach my $status (sort(keys %status)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (status == ", $status, ") {\n";
+@@ -141,7 +141,7 @@ function libvirt_rpc_program_name(program, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $prog (keys %funcs) {
++foreach my $prog (sort(keys %funcs)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (program == ", $funcs{$prog}->{id}, ") {\n";
+@@ -165,7 +165,7 @@ function libvirt_rpc_procedure_name(program, version, proc, verbose)
+ {
+ EOF
+ $first = 1;
+-foreach my $prog (keys %funcs) {
++foreach my $prog (sort(keys %funcs)) {
+     my $cond = $first ? "if" : "} else if";
+     $first = 0;
+     print "  $cond (program == ", $funcs{$prog}->{id}, " && version == ", $funcs{$prog}->{version}, ") {\n";

0004-Don-t-pass-virConnectPtr-in-nwfilter-struct-domUpdat.patch

@@ -1,355 +0,0 @@
-From 0a5abfb22d5d030cc3780c44b805b5b92567b44a Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Thu, 3 Oct 2013 14:06:59 +0100
-Subject: [PATCH] Don't pass virConnectPtr in nwfilter 'struct
- domUpdateCBStruct'
-
-The nwfilter driver only needs a reference to its private
-state object, not a full virConnectPtr. Update the domUpdateCBStruct
-struct to have a 'void *opaque' field instead of a virConnectPtr.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- src/conf/nwfilter_conf.c               | 14 +++++++++++---
- src/conf/nwfilter_conf.h               |  4 ++--
- src/nwfilter/nwfilter_dhcpsnoop.c      | 12 ++++++------
- src/nwfilter/nwfilter_driver.c         |  5 +++--
- src/nwfilter/nwfilter_gentech_driver.c | 32 ++++++++++++++++----------------
- src/nwfilter/nwfilter_gentech_driver.h | 10 +++++-----
- src/nwfilter/nwfilter_learnipaddr.c    |  6 +++---
- 7 files changed, 46 insertions(+), 37 deletions(-)
-
-diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
-index c009921..9927f7e 100644
---- a/src/conf/nwfilter_conf.c
-+++ b/src/conf/nwfilter_conf.c
-@@ -2850,6 +2850,7 @@ virNWFilterCallbackDriversUnlock(void)
- 
- 
- static virDomainObjListIterator virNWFilterDomainFWUpdateCB;
-+static void *virNWFilterDomainFWUpdateOpaque;
- 
- /**
-  * virNWFilterInstFiltersOnAllVMs:
-@@ -2861,7 +2862,7 @@ virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
- {
-     size_t i;
-     struct domUpdateCBStruct cb = {
--        .conn = conn,
-+        .opaque = virNWFilterDomainFWUpdateOpaque,
-         .step = STEP_APPLY_CURRENT,
-         .skipInterfaces = NULL, /* not needed */
-     };
-@@ -2880,7 +2881,7 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
-     size_t i;
-     int ret = 0;
-     struct domUpdateCBStruct cb = {
--        .conn = conn,
-+        .opaque = virNWFilterDomainFWUpdateOpaque,
-         .step = STEP_APPLY_NEW,
-         .skipInterfaces = virHashCreate(0, NULL),
-     };
-@@ -3474,9 +3475,14 @@ char *virNWFilterConfigFile(const char *dir,
- }
- 
- 
--int virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB)
-+int virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB,
-+                             void *opaque)
- {
-+    if (initialized)
-+        return -1;
-+
-     virNWFilterDomainFWUpdateCB = domUpdateCB;
-+    virNWFilterDomainFWUpdateOpaque = opaque;
- 
-     initialized = true;
- 
-@@ -3495,6 +3501,8 @@ void virNWFilterConfLayerShutdown(void)
-     virMutexDestroy(&updateMutex);
- 
-     initialized = false;
-+    virNWFilterDomainFWUpdateOpaque = NULL;
-+    virNWFilterDomainFWUpdateCB = NULL;
- }
- 
- 
-diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
-index faa7527..e470615 100644
---- a/src/conf/nwfilter_conf.h
-+++ b/src/conf/nwfilter_conf.h
-@@ -586,7 +586,7 @@ enum UpdateStep {
- };
- 
- struct domUpdateCBStruct {
--    virConnectPtr conn;
-+    void *opaque;
-     enum UpdateStep step;
-     virHashTablePtr skipInterfaces;
- };
-@@ -722,7 +722,7 @@ void virNWFilterObjUnlock(virNWFilterObjPtr obj);
- void virNWFilterLockFilterUpdates(void);
- void virNWFilterUnlockFilterUpdates(void);
- 
--int virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB);
-+int virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, void *opaque);
- void virNWFilterConfLayerShutdown(void);
- 
- int virNWFilterInstFiltersOnAllVMs(virConnectPtr conn);
-diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
-index 3e9f046..2bc1686 100644
---- a/src/nwfilter/nwfilter_dhcpsnoop.c
-+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
-@@ -481,15 +481,15 @@ virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLeasePtr ipl,
-     /* instantiate the filters */
- 
-     if (req->ifname)
--        rc = virNWFilterInstantiateFilterLate(NULL,
-+        rc = virNWFilterInstantiateFilterLate(req->driver,
-+                                              NULL,
-                                               req->ifname,
-                                               req->ifindex,
-                                               req->linkdev,
-                                               req->nettype,
-                                               &req->macaddr,
-                                               req->filtername,
--                                              req->vars,
--                                              req->driver);
-+                                              req->vars);
- 
- exit_snooprequnlock:
-     virNWFilterSnoopReqUnlock(req);
-@@ -867,15 +867,15 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req,
-         goto skip_instantiate;
- 
-     if (ipAddrLeft) {
--        ret = virNWFilterInstantiateFilterLate(NULL,
-+        ret = virNWFilterInstantiateFilterLate(req->driver,
-+                                               NULL,
-                                                req->ifname,
-                                                req->ifindex,
-                                                req->linkdev,
-                                                req->nettype,
-                                                &req->macaddr,
-                                                req->filtername,
--                                               req->vars,
--                                               req->driver);
-+                                               req->vars);
-     } else {
-         const virNWFilterVarValuePtr dhcpsrvrs =
-             virHashLookup(req->vars->hashTable, NWFILTER_VARNAME_DHCPSERVER);
-diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
-index c2afdfc..6e20e03 100644
---- a/src/nwfilter/nwfilter_driver.c
-+++ b/src/nwfilter/nwfilter_driver.c
-@@ -203,7 +203,8 @@ nwfilterStateInitialize(bool privileged,
- 
-     virNWFilterTechDriversInit(privileged);
- 
--    if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB) < 0)
-+    if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB,
-+                                 driverState) < 0)
-         goto err_techdrivers_shutdown;
- 
-     /*
-@@ -681,7 +682,7 @@ nwfilterInstantiateFilter(virConnectPtr conn,
-                           const unsigned char *vmuuid,
-                           virDomainNetDefPtr net)
- {
--    return virNWFilterInstantiateFilter(conn, vmuuid, net);
-+    return virNWFilterInstantiateFilter(conn->nwfilterPrivateData, vmuuid, net);
- }
- 
- 
-diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
-index 382d73f..5961165 100644
---- a/src/nwfilter/nwfilter_gentech_driver.c
-+++ b/src/nwfilter/nwfilter_gentech_driver.c
-@@ -800,7 +800,8 @@ err_unresolvable_vars:
-  * Call this function while holding the NWFilter filter update lock
-  */
- static int
--__virNWFilterInstantiateFilter(const unsigned char *vmuuid,
-+__virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
-+                               const unsigned char *vmuuid,
-                                bool teardownOld,
-                                const char *ifname,
-                                int ifindex,
-@@ -810,7 +811,6 @@ __virNWFilterInstantiateFilter(const unsigned char *vmuuid,
-                                const char *filtername,
-                                virNWFilterHashTablePtr filterparams,
-                                enum instCase useNewFilter,
--                               virNWFilterDriverStatePtr driver,
-                                bool forceWithPendingReq,
-                                bool *foundNewFilter)
- {
-@@ -921,7 +921,7 @@ err_exit:
- 
- 
- static int
--_virNWFilterInstantiateFilter(virConnectPtr conn,
-+_virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
-                               const unsigned char *vmuuid,
-                               const virDomainNetDefPtr net,
-                               bool teardownOld,
-@@ -948,7 +948,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
-         goto cleanup;
-     }
- 
--    rc = __virNWFilterInstantiateFilter(vmuuid,
-+    rc = __virNWFilterInstantiateFilter(driver,
-+                                        vmuuid,
-                                         teardownOld,
-                                         net->ifname,
-                                         ifindex,
-@@ -958,7 +959,6 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
-                                         net->filter,
-                                         net->filterparams,
-                                         useNewFilter,
--                                        conn->nwfilterPrivateData,
-                                         false,
-                                         foundNewFilter);
- 
-@@ -970,22 +970,23 @@ cleanup:
- 
- 
- int
--virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
-+virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver,
-+                                 const unsigned char *vmuuid,
-                                  const char *ifname,
-                                  int ifindex,
-                                  const char *linkdev,
-                                  enum virDomainNetType nettype,
-                                  const virMacAddrPtr macaddr,
-                                  const char *filtername,
--                                 virNWFilterHashTablePtr filterparams,
--                                 virNWFilterDriverStatePtr driver)
-+                                 virNWFilterHashTablePtr filterparams)
- {
-     int rc;
-     bool foundNewFilter = false;
- 
-     virNWFilterLockFilterUpdates();
- 
--    rc = __virNWFilterInstantiateFilter(vmuuid,
-+    rc = __virNWFilterInstantiateFilter(driver,
-+                                        vmuuid,
-                                         true,
-                                         ifname,
-                                         ifindex,
-@@ -995,7 +996,6 @@ virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
-                                         filtername,
-                                         filterparams,
-                                         INSTANTIATE_ALWAYS,
--                                        driver,
-                                         true,
-                                         &foundNewFilter);
-     if (rc < 0) {
-@@ -1015,13 +1015,13 @@ virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
- 
- 
- int
--virNWFilterInstantiateFilter(virConnectPtr conn,
-+virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
-                              const unsigned char *vmuuid,
-                              const virDomainNetDefPtr net)
- {
-     bool foundNewFilter = false;
- 
--    return _virNWFilterInstantiateFilter(conn, vmuuid, net,
-+    return _virNWFilterInstantiateFilter(driver, vmuuid, net,
-                                          1,
-                                          INSTANTIATE_ALWAYS,
-                                          &foundNewFilter);
-@@ -1029,14 +1029,14 @@ virNWFilterInstantiateFilter(virConnectPtr conn,
- 
- 
- int
--virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
-+virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver,
-                                    const unsigned char *vmuuid,
-                                    const virDomainNetDefPtr net,
-                                    bool *skipIface)
- {
-     bool foundNewFilter = false;
- 
--    int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net,
-+    int rc = _virNWFilterInstantiateFilter(driver, vmuuid, net,
-                                            0,
-                                            INSTANTIATE_FOLLOW_NEWFILTER,
-                                            &foundNewFilter);
-@@ -1154,7 +1154,7 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj,
-             if ((net->filter) && (net->ifname)) {
-                 switch (cb->step) {
-                 case STEP_APPLY_NEW:
--                    ret = virNWFilterUpdateInstantiateFilter(cb->conn,
-+                    ret = virNWFilterUpdateInstantiateFilter(cb->opaque,
-                                                              vm->uuid,
-                                                              net,
-                                                              &skipIface);
-@@ -1179,7 +1179,7 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj,
-                     break;
- 
-                 case STEP_APPLY_CURRENT:
--                    ret = virNWFilterInstantiateFilter(cb->conn,
-+                    ret = virNWFilterInstantiateFilter(cb->opaque,
-                                                        vm->uuid,
-                                                        net);
-                     if (ret)
-diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
-index 4b47b4a..8528e2a 100644
---- a/src/nwfilter/nwfilter_gentech_driver.h
-+++ b/src/nwfilter/nwfilter_gentech_driver.h
-@@ -39,23 +39,23 @@ enum instCase {
- };
- 
- 
--int virNWFilterInstantiateFilter(virConnectPtr conn,
-+int virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
-                                  const unsigned char *vmuuid,
-                                  const virDomainNetDefPtr net);
--int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
-+int virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver,
-                                        const unsigned char *vmuuid,
-                                        const virDomainNetDefPtr net,
-                                        bool *skipIface);
- 
--int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
-+int virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver,
-+                                     const unsigned char *vmuuid,
-                                      const char *ifname,
-                                      int ifindex,
-                                      const char *linkdev,
-                                      enum virDomainNetType nettype,
-                                      const virMacAddrPtr macaddr,
-                                      const char *filtername,
--                                     virNWFilterHashTablePtr filterparams,
--                                     virNWFilterDriverStatePtr driver);
-+                                     virNWFilterHashTablePtr filterparams);
- 
- int virNWFilterTeardownFilter(const virDomainNetDefPtr net);
- 
-diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
-index 7e67203..093158a 100644
---- a/src/nwfilter/nwfilter_learnipaddr.c
-+++ b/src/nwfilter/nwfilter_learnipaddr.c
-@@ -612,15 +612,15 @@ learnIPAddressThread(void *arg)
-                           "cache for interface %s"), inetaddr, req->ifname);
-             }
- 
--            ret = virNWFilterInstantiateFilterLate(NULL,
-+            ret = virNWFilterInstantiateFilterLate(req->driver,
-+                                                   NULL,
-                                                    req->ifname,
-                                                    req->ifindex,
-                                                    req->linkdev,
-                                                    req->nettype,
-                                                    &req->macaddr,
-                                                    req->filtername,
--                                                   req->filterparams,
--                                                   req->driver);
-+                                                   req->filterparams);
-             VIR_DEBUG("Result from applying firewall rules on "
-                       "%s with IP addr %s : %d\n", req->ifname, inetaddr, ret);
-         }

0004-rpc-ensure-daemon-is-spawn-even-if-dead-socket-exist.patch

@@ -0,0 +1,30 @@
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Fri, 3 Jul 2015 16:51:56 +0100
+Subject: [PATCH] rpc: ensure daemon is spawn even if dead socket exists
+
+The auto-spawn code would originally attempt to spawn the
+daemon for both ENOENT and ECONNREFUSED errors from connect().
+The various refactorings eventually lost this so we only
+spawn the daemon on ENOENT. The result is if the daemon exits
+uncleanly, so that the socket is left in the filesystem, we
+will never be able to auto-spawn the daemon again.
+
+(cherry picked from commit 406ee8c226d2197ba1aaecb9cf3ad2b6df31ae44)
+---
+ src/rpc/virnetsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 51f94d4..6153e0e 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -610,7 +610,8 @@ int virNetSocketNewConnectUNIX(const char *path,
+ 
+     while (retries &&
+            connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
+-        if (!(spawnDaemon && errno == ENOENT)) {
++        if (!(spawnDaemon && (errno == ENOENT ||
++                              errno == ECONNREFUSED))) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+             goto cleanup;

0005-Remove-use-of-virConnectPtr-from-all-remaining-nwfil.patch

@@ -1,382 +0,0 @@
-From 1766db28533e2b5a96792aa0811e5364e0bb54d4 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Thu, 3 Oct 2013 14:07:00 +0100
-Subject: [PATCH] Remove use of virConnectPtr from all remaining nwfilter code
-
-The virConnectPtr is passed around loads of nwfilter code in
-order to provide it as a parameter to the callback registered
-by the virt drivers. None of the virt drivers use this param
-though, so it serves no purpose.
-
-Avoiding the need to pass a virConnectPtr means that the
-nwfilterStateReload method no longer needs to open a bogus
-QEMU driver connection. This addresses a race condition that
-can lead to a crash on startup.
-
-The nwfilter driver starts before the QEMU driver and registers
-some callbacks with DBus to detect firewalld reload. If the
-firewalld reload happens while the QEMU driver is still starting
-up though, the nwfilterStateReload method will open a connection
-to the partially initialized QEMU driver and cause a crash.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- src/conf/nwfilter_conf.c       | 49 ++++++++++++++++--------------------------
- src/conf/nwfilter_conf.h       | 14 +++++-------
- src/lxc/lxc_driver.c           |  3 +--
- src/nwfilter/nwfilter_driver.c | 42 ++++++++++++++----------------------
- src/qemu/qemu_driver.c         |  3 +--
- src/uml/uml_driver.c           |  3 +--
- 6 files changed, 43 insertions(+), 71 deletions(-)
-
-diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
-index 9927f7e..7152aae 100644
---- a/src/conf/nwfilter_conf.c
-+++ b/src/conf/nwfilter_conf.c
-@@ -2744,8 +2744,7 @@ cleanup:
- 
- 
- static int
--_virNWFilterDefLoopDetect(virConnectPtr conn,
--                          virNWFilterObjListPtr nwfilters,
-+_virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
-                           virNWFilterDefPtr def,
-                           const char *filtername)
- {
-@@ -2769,7 +2768,7 @@ _virNWFilterDefLoopDetect(virConnectPtr conn,
-             obj = virNWFilterObjFindByName(nwfilters,
-                                            entry->include->filterref);
-             if (obj) {
--                rc = _virNWFilterDefLoopDetect(conn, nwfilters,
-+                rc = _virNWFilterDefLoopDetect(nwfilters,
-                                                obj->def, filtername);
- 
-                 virNWFilterObjUnlock(obj);
-@@ -2785,7 +2784,6 @@ _virNWFilterDefLoopDetect(virConnectPtr conn,
- 
- /*
-  * virNWFilterDefLoopDetect:
-- * @conn: pointer to virConnect object
-  * @nwfilters : the nwfilters to search
-  * @def : the filter definition that may add a loop and is to be tested
-  *
-@@ -2795,11 +2793,10 @@ _virNWFilterDefLoopDetect(virConnectPtr conn,
-  * Returns 0 in case no loop was detected, -1 otherwise.
-  */
- static int
--virNWFilterDefLoopDetect(virConnectPtr conn,
--                         virNWFilterObjListPtr nwfilters,
-+virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
-                          virNWFilterDefPtr def)
- {
--    return _virNWFilterDefLoopDetect(conn, nwfilters, def, def->name);
-+    return _virNWFilterDefLoopDetect(nwfilters, def, def->name);
- }
- 
- int nCallbackDriver;
-@@ -2858,7 +2855,7 @@ static void *virNWFilterDomainFWUpdateOpaque;
-  * error. This should be called upon reloading of the driver.
-  */
- int
--virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
-+virNWFilterInstFiltersOnAllVMs(void)
- {
-     size_t i;
-     struct domUpdateCBStruct cb = {
-@@ -2868,15 +2865,14 @@ virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
-     };
- 
-     for (i = 0; i < nCallbackDriver; i++)
--        callbackDrvArray[i]->vmFilterRebuild(conn,
--                                             virNWFilterDomainFWUpdateCB,
-+        callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
-                                              &cb);
- 
-     return 0;
- }
- 
- static int
--virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
-+virNWFilterTriggerVMFilterRebuild(void)
- {
-     size_t i;
-     int ret = 0;
-@@ -2890,8 +2886,7 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
-         return -1;
- 
-     for (i = 0; i < nCallbackDriver; i++) {
--        if (callbackDrvArray[i]->vmFilterRebuild(conn,
--                                                 virNWFilterDomainFWUpdateCB,
-+        if (callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
-                                                  &cb) < 0)
-             ret = -1;
-     }
-@@ -2900,15 +2895,13 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
-         cb.step = STEP_TEAR_NEW; /* rollback */
- 
-         for (i = 0; i < nCallbackDriver; i++)
--            callbackDrvArray[i]->vmFilterRebuild(conn,
--                                                 virNWFilterDomainFWUpdateCB,
-+            callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
-                                                  &cb);
-     } else {
-         cb.step = STEP_TEAR_OLD; /* switch over */
- 
-         for (i = 0; i < nCallbackDriver; i++)
--            callbackDrvArray[i]->vmFilterRebuild(conn,
--                                                 virNWFilterDomainFWUpdateCB,
-+            callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
-                                                  &cb);
-     }
- 
-@@ -2919,14 +2912,13 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
- 
- 
- int
--virNWFilterTestUnassignDef(virConnectPtr conn,
--                           virNWFilterObjPtr nwfilter)
-+virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter)
- {
-     int rc = 0;
- 
-     nwfilter->wantRemoved = 1;
-     /* trigger the update on VMs referencing the filter */
--    if (virNWFilterTriggerVMFilterRebuild(conn))
-+    if (virNWFilterTriggerVMFilterRebuild())
-         rc = -1;
- 
-     nwfilter->wantRemoved = 0;
-@@ -2965,8 +2957,7 @@ cleanup:
- }
- 
- virNWFilterObjPtr
--virNWFilterObjAssignDef(virConnectPtr conn,
--                        virNWFilterObjListPtr nwfilters,
-+virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
-                         virNWFilterDefPtr def)
- {
-     virNWFilterObjPtr nwfilter;
-@@ -2985,7 +2976,7 @@ virNWFilterObjAssignDef(virConnectPtr conn,
-         virNWFilterObjUnlock(nwfilter);
-     }
- 
--    if (virNWFilterDefLoopDetect(conn, nwfilters, def) < 0) {
-+    if (virNWFilterDefLoopDetect(nwfilters, def) < 0) {
-         virReportError(VIR_ERR_OPERATION_FAILED,
-                        "%s", _("filter would introduce a loop"));
-         return NULL;
-@@ -3004,7 +2995,7 @@ virNWFilterObjAssignDef(virConnectPtr conn,
- 
-         nwfilter->newDef = def;
-         /* trigger the update on VMs referencing the filter */
--        if (virNWFilterTriggerVMFilterRebuild(conn)) {
-+        if (virNWFilterTriggerVMFilterRebuild()) {
-             nwfilter->newDef = NULL;
-             virNWFilterUnlockFilterUpdates();
-             virNWFilterObjUnlock(nwfilter);
-@@ -3046,8 +3037,7 @@ virNWFilterObjAssignDef(virConnectPtr conn,
- 
- 
- static virNWFilterObjPtr
--virNWFilterObjLoad(virConnectPtr conn,
--                   virNWFilterObjListPtr nwfilters,
-+virNWFilterObjLoad(virNWFilterObjListPtr nwfilters,
-                    const char *file,
-                    const char *path)
- {
-@@ -3066,7 +3056,7 @@ virNWFilterObjLoad(virConnectPtr conn,
-         return NULL;
-     }
- 
--    if (!(nwfilter = virNWFilterObjAssignDef(conn, nwfilters, def))) {
-+    if (!(nwfilter = virNWFilterObjAssignDef(nwfilters, def))) {
-         virNWFilterDefFree(def);
-         return NULL;
-     }
-@@ -3082,8 +3072,7 @@ virNWFilterObjLoad(virConnectPtr conn,
- 
- 
- int
--virNWFilterLoadAllConfigs(virConnectPtr conn,
--                          virNWFilterObjListPtr nwfilters,
-+virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
-                           const char *configDir)
- {
-     DIR *dir;
-@@ -3111,7 +3100,7 @@ virNWFilterLoadAllConfigs(virConnectPtr conn,
-         if (!(path = virFileBuildPath(configDir, entry->d_name, NULL)))
-             continue;
- 
--        nwfilter = virNWFilterObjLoad(conn, nwfilters, entry->d_name, path);
-+        nwfilter = virNWFilterObjLoad(nwfilters, entry->d_name, path);
-         if (nwfilter)
-             virNWFilterObjUnlock(nwfilter);
- 
-diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
-index e470615..29906f1 100644
---- a/src/conf/nwfilter_conf.h
-+++ b/src/conf/nwfilter_conf.h
-@@ -687,12 +687,10 @@ int virNWFilterObjSaveDef(virNWFilterDriverStatePtr driver,
- 
- int virNWFilterObjDeleteDef(virNWFilterObjPtr nwfilter);
- 
--virNWFilterObjPtr virNWFilterObjAssignDef(virConnectPtr conn,
--                                          virNWFilterObjListPtr nwfilters,
-+virNWFilterObjPtr virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
-                                           virNWFilterDefPtr def);
- 
--int virNWFilterTestUnassignDef(virConnectPtr conn,
--                               virNWFilterObjPtr nwfilter);
-+int virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter);
- 
- virNWFilterDefPtr virNWFilterDefParseNode(xmlDocPtr xml,
-                                           xmlNodePtr root);
-@@ -706,8 +704,7 @@ int virNWFilterSaveXML(const char *configDir,
- int virNWFilterSaveConfig(const char *configDir,
-                           virNWFilterDefPtr def);
- 
--int virNWFilterLoadAllConfigs(virConnectPtr conn,
--                              virNWFilterObjListPtr nwfilters,
-+int virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
-                               const char *configDir);
- 
- char *virNWFilterConfigFile(const char *dir,
-@@ -725,11 +722,10 @@ void virNWFilterUnlockFilterUpdates(void);
- int virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, void *opaque);
- void virNWFilterConfLayerShutdown(void);
- 
--int virNWFilterInstFiltersOnAllVMs(virConnectPtr conn);
-+int virNWFilterInstFiltersOnAllVMs(void);
- 
- 
--typedef int (*virNWFilterRebuild)(virConnectPtr conn,
--                                  virDomainObjListIterator domUpdateCB,
-+typedef int (*virNWFilterRebuild)(virDomainObjListIterator domUpdateCB,
-                                   void *data);
- typedef void (*virNWFilterVoidCall)(void);
- 
-diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
-index 8b13f84..e3a34d6 100644
---- a/src/lxc/lxc_driver.c
-+++ b/src/lxc/lxc_driver.c
-@@ -84,8 +84,7 @@ virLXCDriverPtr lxc_driver = NULL;
- 
- /* callbacks for nwfilter */
- static int
--lxcVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
--                   virDomainObjListIterator iter, void *data)
-+lxcVMFilterRebuild(virDomainObjListIterator iter, void *data)
- {
-     return virDomainObjListForEach(lxc_driver->domains, iter, data);
- }
-diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
-index 6e20e03..d25c6f2 100644
---- a/src/nwfilter/nwfilter_driver.c
-+++ b/src/nwfilter/nwfilter_driver.c
-@@ -235,8 +235,7 @@ nwfilterStateInitialize(bool privileged,
- 
-     VIR_FREE(base);
- 
--    if (virNWFilterLoadAllConfigs(NULL,
--                                  &driverState->nwfilters,
-+    if (virNWFilterLoadAllConfigs(&driverState->nwfilters,
-                                   driverState->configDir) < 0)
-         goto error;
- 
-@@ -272,37 +271,28 @@ err_free_driverstate:
-  * files and update its state
-  */
- static int
--nwfilterStateReload(void) {
--    virConnectPtr conn;
--
--    if (!driverState) {
-+nwfilterStateReload(void)
-+{
-+    if (!driverState)
-         return -1;
--    }
- 
-     if (!driverState->privileged)
-         return 0;
- 
--    conn = virConnectOpen("qemu:///system");
--
--    if (conn) {
--        virNWFilterDHCPSnoopEnd(NULL);
--        /* shut down all threads -- they will be restarted if necessary */
--        virNWFilterLearnThreadsTerminate(true);
--
--        nwfilterDriverLock(driverState);
--        virNWFilterCallbackDriversLock();
-+    virNWFilterDHCPSnoopEnd(NULL);
-+    /* shut down all threads -- they will be restarted if necessary */
-+    virNWFilterLearnThreadsTerminate(true);
- 
--        virNWFilterLoadAllConfigs(conn,
--                                  &driverState->nwfilters,
--                                  driverState->configDir);
-+    nwfilterDriverLock(driverState);
-+    virNWFilterCallbackDriversLock();
- 
--        virNWFilterCallbackDriversUnlock();
--        nwfilterDriverUnlock(driverState);
-+    virNWFilterLoadAllConfigs(&driverState->nwfilters,
-+                              driverState->configDir);
- 
--        virNWFilterInstFiltersOnAllVMs(conn);
-+    virNWFilterCallbackDriversUnlock();
-+    nwfilterDriverUnlock(driverState);
- 
--        virConnectClose(conn);
--    }
-+    virNWFilterInstFiltersOnAllVMs();
- 
-     return 0;
- }
-@@ -573,7 +563,7 @@ nwfilterDefineXML(virConnectPtr conn,
-     if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
-         goto cleanup;
- 
--    if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
-+    if (!(nwfilter = virNWFilterObjAssignDef(&driver->nwfilters, def)))
-         goto cleanup;
- 
-     if (virNWFilterObjSaveDef(driver, nwfilter, def) < 0) {
-@@ -617,7 +607,7 @@ nwfilterUndefine(virNWFilterPtr obj) {
-     if (virNWFilterUndefineEnsureACL(obj->conn, nwfilter->def) < 0)
-         goto cleanup;
- 
--    if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
-+    if (virNWFilterTestUnassignDef(nwfilter) < 0) {
-         virReportError(VIR_ERR_OPERATION_INVALID,
-                        "%s",
-                        _("nwfilter is in use"));
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index e8bc04d..068d29f 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -177,8 +177,7 @@ static void
- qemuVMDriverUnlock(void) {}
- 
- static int
--qemuVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
--                    virDomainObjListIterator iter, void *data)
-+qemuVMFilterRebuild(virDomainObjListIterator iter, void *data)
- {
-     return virDomainObjListForEach(qemu_driver->domains, iter, data);
- }
-diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
-index 9ca352f..eb02542 100644
---- a/src/uml/uml_driver.c
-+++ b/src/uml/uml_driver.c
-@@ -148,8 +148,7 @@ static int umlMonitorCommand(const struct uml_driver *driver,
- static struct uml_driver *uml_driver = NULL;
- 
- static int
--umlVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
--                   virDomainObjListIterator iter, void *data)
-+umlVMFilterRebuild(virDomainObjListIterator iter, void *data)
- {
-     return virDomainObjListForEach(uml_driver->domains, iter, data);
- }

0005-rpc-socket-Minor-cleanups.patch

@@ -0,0 +1,48 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:01:24 -0500
+Subject: [PATCH] rpc: socket: Minor cleanups
+
+- Add some debugging
+- Make the loop dependent only on retries
+- Make it explicit that connect(2) success exits the loop
+- Invert the error checking logic
+
+(cherry picked from commit f102c7146ed7f6e04af0ad3bce302476239f2502)
+---
+ src/rpc/virnetsocket.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 6153e0e..dcff69e 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -548,6 +548,9 @@ int virNetSocketNewConnectUNIX(const char *path,
+     char *rundir = NULL;
+     int ret = -1;
+ 
++    VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
++        NULLSTR(binary));
++
+     memset(&localAddr, 0, sizeof(localAddr));
+     memset(&remoteAddr, 0, sizeof(remoteAddr));
+ 
+@@ -608,10 +611,15 @@ int virNetSocketNewConnectUNIX(const char *path,
+     if (remoteAddr.data.un.sun_path[0] == '@')
+         remoteAddr.data.un.sun_path[0] = '\0';
+ 
+-    while (retries &&
+-           connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
+-        if (!(spawnDaemon && (errno == ENOENT ||
+-                              errno == ECONNREFUSED))) {
++    while (retries) {
++        if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) == 0) {
++            VIR_DEBUG("connect() succeeded");
++            break;
++        }
++        VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
++
++        if (!spawnDaemon ||
++            (errno != ENOENT && errno != ECONNREFUSED)) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+             goto cleanup;

0006-qemu-cgroup-Fix-crash-if-starting-nographics-guest.patch

@@ -1,31 +0,0 @@
-From 009332c5530a3f3419578b62b44a98ff8de31ca2 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Tue, 1 Oct 2013 07:55:19 -0400
-Subject: [PATCH] qemu: cgroup: Fix crash if starting nographics guest
-
-We can dereference graphics[0] even if guest has no graphics device
-configured. I screwed this up in a216e6487255d3b65d97c7ec1fa5da63dbced902
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1014088
-(cherry picked from commit a924d9d083c215df6044387057c501d9aa338b96)
----
- src/qemu/qemu_cgroup.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
-index f95c7f2..ace7e35 100644
---- a/src/qemu/qemu_cgroup.c
-+++ b/src/qemu/qemu_cgroup.c
-@@ -490,9 +490,10 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
- 
-     if (vm->def->nsounds &&
-         ((!vm->def->ngraphics && cfg->nogfxAllowHostAudio) ||
--         ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
-+         (vm->def->graphics &&
-+          ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
-            cfg->vncAllowHostAudio) ||
--           (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) {
-+           (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) {
-         rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_SND_MAJOR,
-                                        VIR_CGROUP_DEVICE_RW);
-         virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR,

0006-rpc-socket-Explicitly-error-if-we-exceed-retry-count.patch

@@ -0,0 +1,40 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:08:45 -0500
+Subject: [PATCH] rpc: socket: Explicitly error if we exceed retry count
+
+When we autolaunch libvirtd for session URIs, we spin in a retry
+loop waiting for the daemon to start and the connect(2) to succeed.
+
+However if we exceed the retry count, we don't explicitly raise an
+error, which can yield a slew of different error messages elsewhere
+in the code.
+
+Explicitly raise the last connect(2) failure if we run out of retries.
+
+(cherry picked from commit 8da02d528068942303923fc4f935e77cccac9c7c)
+---
+ src/rpc/virnetsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index dcff69e..90951be 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -618,7 +618,9 @@ int virNetSocketNewConnectUNIX(const char *path,
+         }
+         VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
+ 
++        retries--;
+         if (!spawnDaemon ||
++            retries == 0 ||
+             (errno != ENOENT && errno != ECONNREFUSED)) {
+             virReportSystemError(errno, _("Failed to connect socket to '%s'"),
+                                  path);
+@@ -628,7 +630,6 @@ int virNetSocketNewConnectUNIX(const char *path,
+         if (virNetSocketForkDaemon(binary) < 0)
+             goto cleanup;
+ 
+-        retries--;
+         usleep(5000);
+     }
+ 

0007-rpc-socket-Don-t-repeatedly-attempt-to-launch-daemon.patch

@@ -0,0 +1,43 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 11 Jan 2016 20:13:38 -0500
+Subject: [PATCH] rpc: socket: Don't repeatedly attempt to launch daemon
+
+On every socket connect(2) attempt we were re-launching session
+libvirtd, up to 100 times in 5 seconds.
+
+This understandably caused some weird load races and intermittent
+qemu:///session startup failures
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1271183
+(cherry picked from commit 2eb7a975756d05a5b54ab4acf60083beb6161ac6)
+---
+ src/rpc/virnetsocket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 90951be..2ee4b6e 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -547,6 +547,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+     virSocketAddr remoteAddr;
+     char *rundir = NULL;
+     int ret = -1;
++    bool daemonLaunched = false;
+ 
+     VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
+         NULLSTR(binary));
+@@ -627,8 +628,12 @@ int virNetSocketNewConnectUNIX(const char *path,
+             goto cleanup;
+         }
+ 
+-        if (virNetSocketForkDaemon(binary) < 0)
+-            goto cleanup;
++        if (!daemonLaunched) {
++            if (virNetSocketForkDaemon(binary) < 0)
++                goto cleanup;
++
++            daemonLaunched = true;
++        }
+ 
+         usleep(5000);
+     }

0008-security-Do-not-restore-kernel-and-initrd-labels.patch

@@ -0,0 +1,57 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 15 Jan 2016 10:55:58 +0100
+Subject: [PATCH] security: Do not restore kernel and initrd labels
+
+Kernel/initrd files are essentially read-only shareable images and thus
+should be handled in the same way. We already use the appropriate label
+for kernel/initrd files when starting a domain, but when a domain gets
+destroyed we would remove the labels which would make other running
+domains using the same files very unhappy.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=921135
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 68acc701bd449481e3206723c25b18fcd3d261b7)
+---
+ src/security/security_dac.c     | 8 --------
+ src/security/security_selinux.c | 8 --------
+ 2 files changed, 16 deletions(-)
+
+diff --git a/src/security/security_dac.c b/src/security/security_dac.c
+index deb6980..d01215f 100644
+--- a/src/security/security_dac.c
++++ b/src/security/security_dac.c
+@@ -971,14 +971,6 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
+         virSecurityDACRestoreSecurityFileLabel(def->os.loader->nvram) < 0)
+         rc = -1;
+ 
+-    if (def->os.kernel &&
+-        virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
+-        rc = -1;
+-
+-    if (def->os.initrd &&
+-        virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
+-        rc = -1;
+-
+     if (def->os.dtb &&
+         virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
+         rc = -1;
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 6e67a86..2475a80 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -1953,14 +1953,6 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
+         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
+         rc = -1;
+ 
+-    if (def->os.kernel &&
+-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
+-        rc = -1;
+-
+-    if (def->os.initrd &&
+-        virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
+-        rc = -1;
+-
+     if (def->os.dtb &&
+         virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+         rc = -1;

0009-rpc-wait-longer-for-session-daemon-to-start-up.patch

@@ -0,0 +1,37 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 15 Mar 2016 17:04:32 -0400
+Subject: [PATCH] rpc: wait longer for session daemon to start up
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1271183
+
+We only wait 0.5 seconds for the session daemon to start up and present
+its socket, which isn't sufficient for many users. Bump up the sleep
+interval and retry amount so we wait for a total of 5.0 seconds.
+
+(cherry picked from commit ca0c06f4008154de55e0b3109885facd0bf02d32)
+---
+ src/rpc/virnetsocket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index 2ee4b6e..275f1f5 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -542,7 +542,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+     char *lockpath = NULL;
+     int lockfd = -1;
+     int fd = -1;
+-    int retries = 100;
++    int retries = 500;
+     virSocketAddr localAddr;
+     virSocketAddr remoteAddr;
+     char *rundir = NULL;
+@@ -635,7 +635,7 @@ int virNetSocketNewConnectUNIX(const char *path,
+             daemonLaunched = true;
+         }
+ 
+-        usleep(5000);
++        usleep(10000);
+     }
+ 
+     localAddr.len = sizeof(localAddr.data);

0010-driver-log-missing-modules-as-INFO-not-WARN.patch

@@ -0,0 +1,27 @@
+From: Jovanka Gulicoska <jovanka.gulicoska@gmail.com>
+Date: Thu, 17 Mar 2016 20:02:20 +0100
+Subject: [PATCH] driver: log missing modules as INFO, not WARN
+
+Missing modules is a common expected scenario for most libvirt usage on
+RPM distributions like Fedora, so it doesn't really warrant logging at
+WARN level. Use INFO instead
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1274849
+(cherry picked from commit 9a0c7f5f834185db9017c34aabc03ad99cf37bed)
+---
+ src/driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/driver.c b/src/driver.c
+index db03438..f926fe4 100644
+--- a/src/driver.c
++++ b/src/driver.c
+@@ -62,7 +62,7 @@ virDriverLoadModule(const char *name)
+         return NULL;
+ 
+     if (access(modfile, R_OK) < 0) {
+-        VIR_WARN("Module %s not accessible", modfile);
++        VIR_INFO("Module %s not accessible", modfile);
+         goto cleanup;
+     }
+ 

0011-polkit-Allow-password-less-access-for-libvirt-group.patch

@@ -0,0 +1,126 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 28 Apr 2015 17:38:00 -0400
+Subject: [PATCH] polkit: Allow password-less access for 'libvirt' group
+
+Many users, who admin their own machines, want to be able to access
+system libvirtd via tools like virt-manager without having to enter
+a root password. Just google 'virt-manager without password' and
+you'll find many hits. I've read at least 5 blog posts over the years
+describing slightly different ways of achieving this goal.
+
+Let's finally add official support for this.
+
+Install a polkit-1 rules file granting password-less auth for any user
+in the new 'libvirt' group. Create the group on RPM install
+
+https://bugzilla.redhat.com/show_bug.cgi?id=957300
+(cherry picked from commit e94979e901517af9fdde358d7b7c92cc055dd50c)
+---
+ daemon/Makefile.am   | 13 +++++++++++++
+ daemon/libvirt.rules |  9 +++++++++
+ libvirt.spec.in      | 15 +++++++++++++--
+ 3 files changed, 35 insertions(+), 2 deletions(-)
+ create mode 100644 daemon/libvirt.rules
+
+diff --git a/daemon/Makefile.am b/daemon/Makefile.am
+index b95a79d..9c5ea37 100644
+--- a/daemon/Makefile.am
++++ b/daemon/Makefile.am
+@@ -53,6 +53,7 @@ EXTRA_DIST =						\
+ 	libvirtd.init.in				\
+ 	libvirtd.upstart				\
+ 	libvirtd.policy.in				\
++	libvirt.rules					\
+ 	libvirtd.sasl					\
+ 	libvirtd.service.in				\
+ 	libvirtd.socket.in				\
+@@ -233,6 +234,8 @@ policyauth = auth_admin_keep_session
+ else ! WITH_POLKIT0
+ policydir = $(datadir)/polkit-1/actions
+ policyauth = auth_admin_keep
++rulesdir = $(datadir)/polkit-1/rules.d
++rulesfile = libvirt.rules
+ endif ! WITH_POLKIT0
+ endif WITH_POLKIT
+ 
+@@ -263,9 +266,19 @@ if WITH_POLKIT
+ install-data-polkit::
+ 	$(MKDIR_P) $(DESTDIR)$(policydir)
+ 	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
++if ! WITH_POLKIT0
++	$(MKDIR_P) $(DESTDIR)$(rulesdir)
++	$(INSTALL_DATA) $(srcdir)/$(rulesfile) $(DESTDIR)$(rulesdir)/50-libvirt.rules
++endif ! WITH_POLKIT0
++
+ uninstall-data-polkit::
+ 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ 	rmdir $(DESTDIR)$(policydir) || :
++if ! WITH_POLKIT0
++	rm -f $(DESTDIR)$(rulesdir)/50-libvirt.rules
++	rmdir $(DESTDIR)$(rulesdir) || :
++endif ! WITH_POLKIT0
++
+ else ! WITH_POLKIT
+ install-data-polkit::
+ uninstall-data-polkit::
+diff --git a/daemon/libvirt.rules b/daemon/libvirt.rules
+new file mode 100644
+index 0000000..01a15fa
+--- /dev/null
++++ b/daemon/libvirt.rules
+@@ -0,0 +1,9 @@
++// Allow any user in the 'libvirt' group to connect to system libvirtd
++// without entering a password.
++
++polkit.addRule(function(action, subject) {
++    if (action.id == "org.libvirt.unix.manage" &&
++        subject.isInGroup("libvirt")) {
++        return polkit.Result.YES;
++    }
++});
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index dc327a2..a23629d 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -1631,9 +1631,9 @@ then
+ fi
+ 
+ %if %{with_libvirtd}
++%pre daemon
+     %if ! %{with_driver_modules}
+         %if %{with_qemu}
+-%pre daemon
+             %if 0%{?fedora} || 0%{?rhel} >= 6
+ # We want soft static allocation of well-known ids, as disk images
+ # are commonly shared across NFS mounts by id rather than name; see
+@@ -1647,11 +1647,21 @@ if ! getent passwd qemu >/dev/null; then
+     useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+   fi
+ fi
+-exit 0
+             %endif
+         %endif
+     %endif
+ 
++    %if %{with_polkit}
++        %if 0%{?fedora} || 0%{?rhel} >= 6
++# 'libvirt' group is just to allow password-less polkit access to
++# libvirtd. The uid number is irrelevant, so we use dynamic allocation
++# described at the above link.
++getent group libvirt >/dev/null || groupadd -r libvirt
++        %endif
++    %endif
++
++exit 0
++
+ %post daemon
+ 
+     %if %{with_systemd}
+@@ -1925,6 +1935,7 @@ exit 0
+         %if 0%{?fedora} || 0%{?rhel} >= 6
+ %{_datadir}/polkit-1/actions/org.libvirt.unix.policy
+ %{_datadir}/polkit-1/actions/org.libvirt.api.policy
++%{_datadir}/polkit-1/rules.d/50-libvirt.rules
+         %else
+ %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
+         %endif

sources

@@ -1,2 +1 @@
-1835bbfa492099bce12e2934870e5611  libvirt-1.1.2.tar.gz
-b0dfe373ebe0c588b42a28c14d36a3e6  libvirt-1.1.3.tar.gz
+05f461cd499c628ef07822dd607c340a  libvirt-1.2.13.2.tar.gz